We are moving to Git Issues for bug tracking in future releases. During transition, content will be in both tools. If you'd like to file a new bug, please create an issue.

Bug 2510 - Address email privacy/security concerns
Address email privacy/security concerns
Product: OJS
Classification: Unclassified
Component: Authors
PC Linux
: P1 normal
Assigned To: PKP Support
Depends on:
  Show dependency treegraph
Reported: 2007-01-11 09:30 PST by Alec Smecher
Modified: 2007-07-30 12:09 PDT (History)
0 users

See Also:
Version Reported In:
Also Affects:

Patch against pre-2.2 CVS (7.80 KB, patch)
2007-07-30 12:09 PDT, Alec Smecher
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alec Smecher 2007-01-11 09:30:04 PST
1. Authors may be concerned that they are exposing their email addresses when registering and submitting online.

a) Add a link from the registration form to 2.3 Privacy Statement, where the email policy can be provided by the JM.

b) Hide the author's email address when sending messages from the Reading Tools.

2. Someone may at some point attempt to use OJS as a mail relay. This would not work very well, but just in case:

a) Implement a check to ensure that a single user account isn't sending out emails at too great a rate, i.e. one per thirty seconds

b) Perhaps also implement a check on the maximum number of recipients for users below a certain access level?
Comment 1 Alec Smecher 2007-01-18 15:36:40 PST
1a: The privacy statement is already included on the bottom of the registration form.
Comment 2 Alec Smecher 2007-01-18 15:59:10 PST
1. implemented:

a) Added link to bottom of page beside email field (otherwise privacy statement can be overlooked)

b) Author email address now hidden. Should no longer be visible to readers anywhere in the system.
Comment 3 Alec Smecher 2007-07-30 12:09:08 PDT
Created attachment 247 [details]
Patch against pre-2.2 CVS
Comment 4 Alec Smecher 2007-07-30 12:09:46 PDT
Implemented remaining points. Time between emails (for non-priveleged users) and maximum number of recipients configured in config.inc.php.